<?php
/**
 * Description of AdminLoginModule
 *
 * @author
 */

class AdminLoginModule extends BaseModule{


    /**
     * 登录页从SQL获取用户帐号和密码
     *
     * @param str $user_login 帐号
     * @param str $user_pass 密码
     * @return bool
     */
    public static function sql_user($user_login, $user_pass) {
        if ($user_login && $user_pass != '') {
            $password=md5($user_pass.ADMIN_KEY);
            $db = DB_MySQLi::getInstance();
            $sq = "select * from user_user where username='" . $db->escapeString($user_login) . "' and password='" . $db->escapeString($password) . "'"; //从数据库查找用户名和密码
            $query = $db->query($sq);
            $row = mysqli_fetch_array($query);
            if (!empty($row)) {
                return $row;
            }
        }
        return false;
    }

    /**
     * 查处该用户所属用户组中的权限
     *
     * @param int $id 用户ID
     * @return
     */
    public static function select_grouproot($id) {
        $db = DB_MySQLi::getInstance();
        $usersql = $db->getData_ASSOCS("select * from user_user where id='" . intval($id) . "'");
        if (!empty($usersql)) {
              $sql = $db->getData_ASSOCS("select up_id from user_directory where id='" . intval($usersql[0]['directory_id']) . "' and is_forbidden = 1");
        }
        if($sql){
            return $sql[0]['up_id'];
        }
        return false;
    }

    /**
     * 通过session中的ID，从SQL中查找该用户
     *
     * @param int $id 该用户ID
     * @return bool
     */
    public static function select_cookie($id) {
        if ($id != '') {
            $db = DB_MySQLi::getInstance();
            $query = $db->query("select * from user_user where id='" . intval($id) . "'"); //从数据库查找用户名和密码
            $row = mysqli_fetch_array($query);
            return $row;
        } else {
            return false;
        }
    }

    /**
     * 校验用户是否登录,如果已经登录直接跳转
     *
     * @param str $data
     * @param str $row_user
     * @return bool
     */
    public static function checkdMd5($data, $row_user) {
        if ($data == md5($row_user . ADMIN_KEY)) {
            return true;
        }
        return false;
    }

    /**
     * 检测用户登录名是否正确
     *
     * @param str $str 用户输入的用户名
     * @return bool
     */
    public static function returnMd5($str) {
        if (!empty($str)) {
            return md5($str . ADMIN_KEY);
        }
        return false;
    }

    /**
     * 查找密码最后修改时间
     * @param type $userid
     */
    public static function sqlPwdTime($userid){
        $db = DB_MySQLi::getInstance();
        $usersql = $db->getData_ASSOCS("select pwd_time from user_user where id='" . intval($userid) . "'");
        return $usersql;
    }

    /**
     * 修改密码时间
     */
    public static function sqlUpPwdTime($userid,$pwd){
        $db = DB_MySQLi::getInstance();
        $UserSql = $db->query("update user_user set password ='".md5($pwd.ADMIN_KEY)."',pwd_time='".time()."' where id=" . intval($userid));
        if($UserSql){
            return true;
        }
    }

    /**
     * 修改用户登录时间
     */
    public static function sqlUpUserLoginTime($userid){
        $db = DB_MySQLi::getInstance();
        $UserSql = $db->query("update user_user set last_login =now() where id=" . intval($userid));
        if($UserSql){
            return true;
        }
    }

    /**
     * 获取客户端IP
     */
    public static function getUserIp(){
        if($_SERVER['REMOTE_ADDR']) {
                $cip= $_SERVER['REMOTE_ADDR'];
            }elseif(getenv("REMOTE_ADDR")) {
                $cip= getenv("REMOTE_ADDR");
            }elseif(getenv("HTTP_CLIENT_IP")) {
                $cip= getenv("HTTP_CLIENT_IP");
            }
            return $cip;
    }

    /**
     * 设置用户登录失败次数,超过次数需要重新审核
     * @param type $user_login 用户名
     */
    public static function user_assess($user_login){
        session_start();
       $key = md5('error_num_'.$user_login);
        $get_session=Handler_http::getSession($key);

        if(!empty($get_session)){
            if($get_session+1 == USER_LOGIN_ERROR){
                $db = DB_MySQLi::getInstance();
                //$up_user=$db->query("update user_user set is_forbidden ='1',loginErrTime='".time()."' where username='" .trim($user_login)."'");
                $up_user=$db->query("update user_user set loginErrTime='".time()."' where username='" .trim($user_login)."'");
                $up_user_bak=self::sqlUserJson($user_login);
                if($up_user&&$up_user_bak){
                    Handler_http::delSession($key);
                    return true;
                }else{
                    return false;
                }
            }else{
                $return = $get_session + 1;
                Handler_http::setSession($key,$return,SESSION_TIME);
            }
        }else{
            $return = 1;
            Handler_http::setSession($key,$return,SESSION_TIME);
        }
    }

    private static function sqlUserJson($username){
        $data=UserDao::sqlUserData($username);
//        if(!empty($data)){
            $user['username'] = $data[0]['username'];
            $user['userid'] = $data[0]['id'];
//            $user['iccard'] =$data[0]['card'];
//            $user['email'] = $data[0]['email'];
//            $user['phone'] = $data[0]['phone'];
//            $user['department']=$data[0]['depid'];
//            $user['is_audit'] = $data[0]['is_admin'];
//            $user['level'] = $data[0]['level'];
//            $user['ip_adress'] = $data[0]['ip_adress'];
//            $name=array('username'=>$username,'nickname'=>$data[0]['nickname']);
//            $return=UserDao::sqlPendingUser($name,json_encode($user),4,$user['userid']);
//           if($return){
                $log_id=LogManager::writeAdminModifyLog($user['userid'],$user['username'],"该账号密码输入次数超过规定,请锁定时间过后再登陆!!");
                $auditlog=LogManager::writeAuditLog($user['userid'], $user['username'], $log_id, 1, 2);
                UserDao::sqlUpUserBakLog($username,$auditlog);
               return true;
//           }
//        }
//        return false;

    }

    /**
     * 查找当前用户的权限ID和创建时间
     */
    public static function getAdminDirectory($userid){
        $db = DB_MySQLi::getInstance();
        $UserSql = $db->getData_ASSOCS("select directory_id,joined_time  from user_user where id='" . intval($userid)."'");
        return $UserSql;
    }
    
    /**
     * 检索用户是否被锁定
     */
    public static function sql_loginErrTime($userlogin){
        $db = DB_MySQLi::getInstance();
        $sq = "select loginErrTime from user_user where username='" . $db->escapeString($userlogin) . "'"; //从数据库查找用户名和密码
            $query = $db->query($sq);
            $row = mysqli_fetch_array($query);
            if (!empty($row)) {
                return $row;
            }
            return false;
    }
}

?>
